AMBARI-19195. Add permission for Service Auto Start (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d48b8d9b Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d48b8d9b Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d48b8d9b Branch: refs/heads/branch-dev-patch-upgrade Commit: d48b8d9b0852d22af4f9bb2191c51c706e292460 Parents: c01f4d8 Author: Robert Levas <rle...@hortonworks.com> Authored: Tue Dec 20 12:55:46 2016 -0500 Committer: Robert Levas <rle...@hortonworks.com> Committed: Tue Dec 20 12:55:46 2016 -0500 ---------------------------------------------------------------------- .../AmbariManagementControllerImpl.java | 279 +++++++++++++++---- .../internal/ComponentResourceProvider.java | 6 +- .../internal/ConfigurationResourceProvider.java | 12 +- .../internal/HostResourceProvider.java | 26 +- .../AmbariAuthorizationFilter.java | 2 + .../authorization/RoleAuthorization.java | 8 +- .../server/upgrade/UpgradeCatalog250.java | 54 +++- .../main/resources/Ambari-DDL-Derby-CREATE.sql | 9 + .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 9 + .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 9 + .../resources/Ambari-DDL-Postgres-CREATE.sql | 9 + .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 9 + .../resources/Ambari-DDL-SQLServer-CREATE.sql | 9 + .../security/TestAuthenticationFactory.java | 5 + .../server/upgrade/UpgradeCatalog250Test.java | 89 ++++++ 15 files changed, 426 insertions(+), 109 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java index 5f64c18..f8191fa 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java @@ -783,6 +783,29 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle } } + /** + * Creates a configuration. + * <p> + * This implementation ensures the authenticated user is authorized to create the new configuration + * based on the details of what properties are being changed and the authorizations the authenticated + * user has been granted. + * <p> + * Example + * <ul> + * <li> + * If the user is attempting to change a service-level configuration that user must be granted the + * <code>SERVICE_MODIFY_CONFIGS</code> privilege (authorization) + * </li> + * <li> + * If the user is attempting to change the cluster-wide value to enable or disable auto-start + * (<code>cluster-env/recovery_enabled</code>), that user must be granted the + * <code>CLUSTER_MANAGE_AUTO_START</code> privilege (authorization) + * </li> + * </ul> + * + * @param request the request object which defines the configuration. + * @throws AmbariException when the configuration cannot be created. + */ @Override public synchronized ConfigurationResponse createConfiguration( ConfigurationRequest request) throws AmbariException, AuthorizationException { @@ -809,19 +832,32 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle // happen in unit test cases but should not happen with later versions of stacks. } + // Get the changes so that the user's intention can be determined. For example, maybe + // the user wants to change the run-as user for a service or maybe the the cluster-wide + // recovery mode setting. + Map<String, String[]> propertyChanges = getPropertyChanges(cluster, request); + if(StringUtils.isEmpty(service)) { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), - EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization " + - "to create cluster configurations"); - } + // If the configuration is not attached to a specific service, it is a cluster-wide configuration + // type. For example, cluster-env. + + // If the user is trying to set the cluster-wide recovery mode, ensure that user + // has the appropriate authorization + validateAuthorizationToManageServiceAutoStartConfiguration(cluster, configType, propertyChanges); + + // If the user is trying to set any other cluster-wide property, ensure that user + // has the appropriate authorization + validateAuthorizationToModifyConfigurations(cluster, configType, propertyChanges, + Collections.singletonMap("cluster-env", Collections.singleton("recovery_enabled")), + false); } else { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), - EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization " + - "to create service configurations"); - } + // If the user is trying to set any service-level property, ensure that user + // has the appropriate authorization + validateAuthorizationToModifyConfigurations(cluster, configType, propertyChanges, null, true); + + // Ensure the user is allowed to update service users and groups. + validateAuthorizationToUpdateServiceUsersAndGroups(cluster, configType, propertyChanges); } Map<String, String> requestProperties = request.getProperties(); @@ -891,6 +927,11 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle Config config = createConfig(cluster, request.getType(), requestProperties, request.getVersionTag(), propertiesAttributes); + LOG.info(MessageFormat.format("Creating configuration with tag ''{0}'' to cluster ''{1}'' for configuration type {2}", + request.getVersionTag(), + request.getClusterName(), + configType)); + return new ConfigurationResponse(cluster.getClusterName(), config); } @@ -1626,28 +1667,6 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle for (ConfigurationRequest cr : desiredConfigs) { String configType = cr.getType(); - // If the config type is for a service, then allow a user with SERVICE_MODIFY_CONFIGS to - // update, else ensure the user has CLUSTER_MODIFY_CONFIGS - String service = null; - - try { - service = cluster.getServiceForConfigTypes(Collections.singleton(configType)); - } catch (IllegalArgumentException e) { - // Ignore this since we may have hit a config type that spans multiple services. This may - // happen in unit test cases but should not happen with later versions of stacks. - } - - if(StringUtils.isEmpty(service)) { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization to modify cluster configurations"); - } - } - else { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization to modify service configurations"); - } - } - if (null != cr.getProperties()) { // !!! empty property sets are supported, and need to be able to use // previously-defined configs (revert) @@ -1656,16 +1675,13 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle !all.containsKey(cr.getVersionTag()) || // tag not set cr.getProperties().size() > 0) { // properties to set - // Ensure the user is allowed to update all properties - validateAuthorizationToUpdateServiceUsersAndGroups(cluster, cr); + cr.setClusterName(cluster.getClusterName()); + configurationResponses.add(createConfiguration(cr)); LOG.info(MessageFormat.format("Applying configuration with tag ''{0}'' to cluster ''{1}'' for configuration type {2}", cr.getVersionTag(), request.getClusterName(), configType)); - - cr.setClusterName(cluster.getClusterName()); - configurationResponses.add(createConfiguration(cr)); } } note = cr.getServiceConfigVersionNote(); @@ -1842,6 +1858,65 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle } /** + * Given a configuration request, compares the requested properties to the current set of desired + * properties for the same configuration type and returns a map of property names to an array of + * Strings representing the current value (index 0), and the requested value (index 1). + * <p> + * <ul> + * <li> + * If a property is set in the requested property set and not found in the current property set, + * the current value (index 0) will be <code>null</code> - {<code>null</code>, "requested value"} + * </li> + * <li> + * If a property is set in the current property set and not found in the requested property set, + * the requested value (index 1) will be <code>null</code> - {"current value", <code>null</code>} + * </li> + * <li> + * If a property found in bother current property set and the requested property set, + * the requested value (index 1) will be <code>null</code> - {"current value", "requested value"} + * </li> + * </ul> + * + * @param cluster the relevant cluster + * @param request the request data + * @return a map lf property names to String arrays indicating the requsted changes ({current value, requested valiue}) + */ + private Map<String, String[]> getPropertyChanges(Cluster cluster, ConfigurationRequest request) { + Map<String, String[]> changedProperties = new HashMap<String, String[]>(); + + // Ensure that the requested property map is not null. + Map<String, String> requestedProperties = request.getProperties(); + if (requestedProperties == null) { + requestedProperties = Collections.emptyMap(); + } + + // Get the current/desired properties for the relevant configuration type and ensure that the + // property map is not null. + Config existingConfig = cluster.getDesiredConfigByType(request.getType()); + Map<String, String> existingProperties = (existingConfig == null) ? null : existingConfig.getProperties(); + if (existingProperties == null) { + existingProperties = Collections.emptyMap(); + } + + // Ensure all propery names are captured, including missing ones from either set. + Set<String> propertyNames = new HashSet<String>(); + propertyNames.addAll(requestedProperties.keySet()); + propertyNames.addAll(existingProperties.keySet()); + + for(String propertyName:propertyNames) { + String requestedValue = requestedProperties.get(propertyName); + String existingValue = existingProperties.get(propertyName); + + // Perform case-sensitive match. It is possible that case matters here. + if((requestedValue == null) ? (existingValue != null) : !requestedValue.equals(existingValue)) { + changedProperties.put(propertyName, new String[]{existingValue, requestedValue}); + } + } + + return changedProperties; + } + + /** * Comparison of two attributes maps * @param requestConfigAttributes - attribute map sent from API * @param clusterConfigAttributes - existed attribute map @@ -5135,22 +5210,24 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle * the properties of types USER and GROUP have not been changed. If they have been, an * AuthorizationException is thrown. * - * @param cluster the relevant cluster - * @param request the configuration request + * @param cluster the relevant cluster + * @param configType the changed configuration type + * @param propertyChanges a map of the property changes for the relevant configuration type * @throws AuthorizationException if the user is not authorized to perform this operation */ - protected void validateAuthorizationToUpdateServiceUsersAndGroups(Cluster cluster, ConfigurationRequest request) + protected void validateAuthorizationToUpdateServiceUsersAndGroups(Cluster cluster, + String configType, + Map<String, String[]> propertyChanges) throws AuthorizationException { - // If the authenticated user is not authorized to set service users or groups, make sure the - // relevant properties are not changed. However, if the user is authorized to set service - // users and groups, there is nothing to check. - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), - RoleAuthorization.SERVICE_SET_SERVICE_USERS_GROUPS)) { - Map<String, String> requestProperties = request.getProperties(); - if (requestProperties != null) { - Map<PropertyInfo.PropertyType, Set<String>> propertyTypes = cluster.getConfigPropertiesTypes( - request.getType()); + if ((propertyChanges != null) && !propertyChanges.isEmpty()) { + // If the authenticated user is not authorized to set service users or groups, make sure the + // relevant properties are not changed. However, if the user is authorized to set service + // users and groups, there is nothing to check. + if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), + RoleAuthorization.SERVICE_SET_SERVICE_USERS_GROUPS)) { + + Map<PropertyInfo.PropertyType, Set<String>> propertyTypes = cluster.getConfigPropertiesTypes(configType); // Create a composite set of properties to check... Set<String> propertiesToCheck = new HashSet<String>(); @@ -5166,20 +5243,14 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle } // If there are no USER or GROUP type properties, skip the validation check... - if (!propertiesToCheck.isEmpty()) { - - Config existingConfig = cluster.getDesiredConfigByType(request.getType()); - Map<String, String> existingProperties = (existingConfig == null) ? null : existingConfig.getProperties(); - if (existingProperties == null) { - existingProperties = Collections.emptyMap(); - } - - for (String propertyName : propertiesToCheck) { - String existingProperty = existingProperties.get(propertyName); - String requestProperty = requestProperties.get(propertyName); + for (String propertyName : propertiesToCheck) { + String[] values = propertyChanges.get(propertyName); + if (values != null) { + String existingValue = values[0]; + String requestedValue = values[1]; // If the properties don't match, so thrown an authorization exception - if ((existingProperty == null) ? (requestProperty != null) : !existingProperty.equals(requestProperty)) { + if ((existingValue == null) ? (requestedValue != null) : !existingValue.equals(requestedValue)) { throw new AuthorizationException("The authenticated user is not authorized to set service user and groups"); } } @@ -5189,6 +5260,92 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle } /** + * Validates that the authenticated user can manage the cluster-wide configuration for a service's + * ability to be set to auto-start. + * <p/> + * If the user is authorized, than this method exits quickly. + * If the user is not authorized, then this method verifies that the configuration property + * <code>cluster-env/recovery_enabled</code> is not changed. If it was, an + * {@link AuthorizationException} is thrown. + * + * @param cluster the relevant cluster + * @param configType the changed configuration type + * @param propertyChanges a map of the property changes for the relevant configuration type + * @throws AuthorizationException if the user is not authorized to perform this operation + */ + protected void validateAuthorizationToManageServiceAutoStartConfiguration(Cluster cluster, + String configType, + Map<String, String[]> propertyChanges) + throws AuthorizationException { + // If the authenticated user is authorized to manage the cluster-wide configuration for a + // service's ability to be set to auto-start, there is nothing to check. + if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), + RoleAuthorization.CLUSTER_MANAGE_AUTO_START)) { + + if ("cluster-env".equals(configType) && propertyChanges.containsKey("recovery_enabled")) { + throw new AuthorizationException("The authenticated user is not authorized to set service user and groups"); + } + } + } + + /** + * Validates that the authenticated user can modify configurations for either a service or the + * cluster. + * <p> + * Since some properties have special meaning, they may be ignored when perfoming this authorization + * check. For example, to change the cluster's overall auto-start setting (cluster-env/recovery_enabled) + * requires a specific permission that is not the same as the ability to set cluster-wide properties + * (in general). Because of this, the <code>cluster-env/recovery_enabled</code> propery should be + * ignored in this check since permission to change it is expected to be validated elsewhere. + * + * @param cluster the relevant cluster + * @param configType the changed configuration type + * @param propertyChanges a map of the property changes for the relevant configuration type + * @param changesToIgnore a map of configuration type names to sets of propery names to be ignored + * @param isServiceConfiguration <code>true</code>, if the configuration type is a service-level configuration; + * <code>false</code>, if the configuration type is a cluster-level configuration + * @throws AuthorizationException if the authenticated user is not authorized to change the requested configuration + */ + private void validateAuthorizationToModifyConfigurations(Cluster cluster, String configType, + Map<String, String[]> propertyChanges, + Map<String, Set<String>> changesToIgnore, + boolean isServiceConfiguration) + throws AuthorizationException { + // If the authenticated user is authorized to update cluster-wide/service-level configurations + // there is nothing to check, else ensure no (relevant) configurations are being changed - ignoring + // the specified configurations which may fall under a special category. + // For example cluster-env/recovery_enabled requires a special permission - CLUSTER.MANAGE_AUTO_START + if ((propertyChanges != null) && !propertyChanges.isEmpty()) { + boolean isAuthorized = (isServiceConfiguration) + ? AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), RoleAuthorization.SERVICE_MODIFY_CONFIGS) + : AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), RoleAuthorization.CLUSTER_MODIFY_CONFIGS); + + if (!isAuthorized) { + Set<String> relevantChangesToIgnore = changesToIgnore.get(configType); + Map<String, String[]> relevantPropertyChanges; + + // If necessary remove any non-relevant property changes. + if (relevantChangesToIgnore == null) + relevantPropertyChanges = propertyChanges; + else { + relevantPropertyChanges = new HashMap<String, String[]>(propertyChanges); + + for (String propertyName : relevantChangesToIgnore) { + relevantPropertyChanges.remove(propertyName); + } + } + + // If relevant configuration changes have been made, then the user is not authorized to + // perform the requested operation and an AuthorizationException must be thrown + if (relevantPropertyChanges.size() > 0) { + throw new AuthorizationException(String.format("The authenticated user does not have authorization to modify %s configurations", + (isServiceConfiguration) ? "service" : "cluster")); + } + } + } + } + + /** * This method will delete a link between an extension version and a stack version (Extension Link). * * An extension version is like a stack version but it contains custom services. Linking an extension http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java index 453c688..65cfcaa 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java @@ -124,7 +124,7 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.SERVICE_ADD_DELETE_SERVICES, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS)); setRequiredGetAuthorizations(RoleAuthorization.AUTHORIZATIONS_VIEW_SERVICE); setRequiredGetAuthorizations(RoleAuthorization.AUTHORIZATIONS_VIEW_SERVICE); - setRequiredUpdateAuthorizations(RoleAuthorization.AUTHORIZATIONS_UPDATE_CLUSTER); + setRequiredUpdateAuthorizations(RoleAuthorization.AUTHORIZATIONS_UPDATE_SERVICE); } @@ -195,7 +195,7 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide } @Override - public RequestStatus updateResources(final Request request, Predicate predicate) + public RequestStatus updateResourcesAuthorized(final Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { final Set<ServiceComponentRequest> requests = new HashSet<>(); @@ -552,7 +552,7 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide if (!StringUtils.isEmpty(request.getRecoveryEnabled())) { // Verify that the authenticated user has authorization to change auto-start states for services AuthorizationHelper.verifyAuthorization(ResourceType.CLUSTER, getClusterResourceId(clusterName), - EnumSet.of(RoleAuthorization.SERVICE_START_STOP)); + EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_AUTO_START, RoleAuthorization.SERVICE_MANAGE_AUTO_START)); boolean newRecoveryEnabled = Boolean.parseBoolean(request.getRecoveryEnabled()); boolean oldRecoveryEnabled = sc.isRecoveryEnabled(); http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java index 6e9765c..7c8e49e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -103,13 +103,11 @@ public class ConfigurationResourceProvider extends * @param managementController the associated management controller */ ConfigurationResourceProvider(AmbariManagementController managementController) { - super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController); - EnumSet<RoleAuthorization> createConfigsAuthSet = - EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS, RoleAuthorization.CLUSTER_MODIFY_CONFIGS); - setRequiredCreateAuthorizations(createConfigsAuthSet); - //update and delete are not supported for configs + // creating configs requires authorizations based on the type of changes being performed, therefore + // checks need to be performed inline. + // update and delete are not supported for configs setRequiredGetAuthorizations(EnumSet.of(RoleAuthorization.CLUSTER_VIEW_CONFIGS)); } @@ -118,7 +116,7 @@ public class ConfigurationResourceProvider extends // ----- ResourceProvider -------------------------------------------------- @Override - public RequestStatus createResourcesAuthorized(Request request) + public RequestStatus createResources(Request request) throws SystemException, UnsupportedPropertyException, ResourceAlreadyExistsException, http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java index 05d635a..8142afc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -773,30 +773,6 @@ public class HostResourceProvider extends AbstractControllerResourceProvider { if (clusters.getHostsForCluster(clusterName).containsKey(host.getHostName())) { for (ConfigurationRequest cr : request.getDesiredConfigs()) { - String configType = cr.getType(); - - // If the config type is for a service, then allow a user with SERVICE_MODIFY_CONFIGS to - // update, else ensure the user has CLUSTER_MODIFY_CONFIGS - String service = null; - - try { - service = cluster.getServiceForConfigTypes(Collections.singleton(configType)); - } catch (IllegalArgumentException e) { - // Ignore this since we may have hit a config type that spans multiple services. This may - // happen in unit test cases but should not happen with later versions of stacks. - } - - if(StringUtils.isEmpty(service)) { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization to modify cluster configurations"); - } - } - else { - if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) { - throw new AuthorizationException("The authenticated user does not have authorization to modify service configurations"); - } - } - if (null != cr.getProperties() && cr.getProperties().size() > 0) { LOG.info(MessageFormat.format("Applying configuration with tag ''{0}'' to host ''{1}'' in cluster ''{2}''", cr.getVersionTag(), http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index c7362aa..1faadb6 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -81,6 +81,7 @@ public class AmbariAuthorizationFilter implements Filter { private static final String API_CLUSTER_ALERT_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/alert.*"; private static final String API_CLUSTER_HOSTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/hosts.*"; private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/configurations.*"; + private static final String API_CLUSTER_COMPONENTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/components.*"; private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/host_components.*"; private static final String API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/config_groups.*"; private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX + "/stacks/.*?/versions/.*"; @@ -341,6 +342,7 @@ public class AmbariAuthorizationFilter implements Filter { requestURI.matches(API_WIDGET_LAYOUTS_PATTERN) || requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) || requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) || + requestURI.matches(API_CLUSTER_COMPONENTS_ALL_PATTERN) || requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) || requestURI.matches(API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN) || requestURI.matches(API_HOSTS_ALL_PATTERN) || http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java index 4a0ea71..969772f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java @@ -53,6 +53,7 @@ public enum RoleAuthorization { CLUSTER_VIEW_STACK_DETAILS("CLUSTER.VIEW_STACK_DETAILS"), CLUSTER_VIEW_STATUS_INFO("CLUSTER.VIEW_STATUS_INFO"), CLUSTER_RUN_CUSTOM_COMMAND("CLUSTER.RUN_CUSTOM_COMMAND"), + CLUSTER_MANAGE_AUTO_START("CLUSTER.MANAGE_AUTO_START"), HOST_ADD_DELETE_COMPONENTS("HOST.ADD_DELETE_COMPONENTS"), HOST_ADD_DELETE_HOSTS("HOST.ADD_DELETE_HOSTS"), HOST_TOGGLE_MAINTENANCE("HOST.TOGGLE_MAINTENANCE"), @@ -78,6 +79,7 @@ public enum RoleAuthorization { SERVICE_VIEW_CONFIGS("SERVICE.VIEW_CONFIGS"), SERVICE_VIEW_METRICS("SERVICE.VIEW_METRICS"), SERVICE_VIEW_STATUS_INFO("SERVICE.VIEW_STATUS_INFO"), + SERVICE_MANAGE_AUTO_START("SERVICE.MANAGE_AUTO_START"), VIEW_USE("VIEW.USE"); public static final Set<RoleAuthorization> AUTHORIZATIONS_VIEW_CLUSTER = EnumSet.of( @@ -97,6 +99,7 @@ public enum RoleAuthorization { CLUSTER_TOGGLE_KERBEROS, CLUSTER_UPGRADE_DOWNGRADE_STACK, CLUSTER_MODIFY_CONFIGS, + CLUSTER_MANAGE_AUTO_START, SERVICE_MODIFY_CONFIGS); public static final Set<RoleAuthorization> AUTHORIZATIONS_VIEW_SERVICE = EnumSet.of( @@ -128,7 +131,10 @@ public enum RoleAuthorization { SERVICE_TOGGLE_ALERTS, SERVICE_MOVE, SERVICE_RUN_CUSTOM_COMMAND, - SERVICE_RUN_SERVICE_CHECK); + SERVICE_RUN_SERVICE_CHECK, + SERVICE_MANAGE_ALERTS, + SERVICE_MANAGE_AUTO_START, + SERVICE_SET_SERVICE_USERS_GROUPS); private final String id; http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java index a7e73fe..9734212 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java @@ -17,16 +17,8 @@ */ package org.apache.ambari.server.upgrade; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.atomic.AtomicLong; +import com.google.inject.Inject; +import com.google.inject.Injector; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.CommandExecutionType; @@ -43,8 +35,18 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.jdbc.support.JdbcUtils; -import com.google.inject.Inject; -import com.google.inject.Injector; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.atomic.AtomicLong; /** * Upgrade catalog for version 2.5.0. @@ -150,6 +152,7 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog { updateHiveLlapConfigs(); updateTablesForZeppelinViewRemoval(); updateAtlasConfigs(); + addManageServiceAutoStartPermissions(); } protected void updateHostVersionTable() throws SQLException { @@ -515,4 +518,31 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog { } } } + + /** + * Add permissions for managing service auto-start. + * <p> + * <ul> + * <li>SERVICE.MANAGE_AUTO_START permissions for SERVICE.ADMINISTRATOR, CLUSTER.OPERATOR, CLUSTER.ADMINISTRATOR, AMBARI.ADMINISTRATOR</li> + * <li>CLUSTER.MANAGE_AUTO_START permissions for CLUSTER.OPERATOR, CLUSTER.ADMINISTRATOR, AMBARI.ADMINISTRATOR</li> + * </ul> + */ + protected void addManageServiceAutoStartPermissions() throws SQLException { + Collection<String> roles; + + // Add service-level auto-start permission + roles = Arrays.asList( + "AMBARI.ADMINISTRATOR:AMBARI", + "CLUSTER.ADMINISTRATOR:CLUSTER", + "CLUSTER.OPERATOR:CLUSTER", + "SERVICE.ADMINISTRATOR:CLUSTER"); + addRoleAuthorization("SERVICE.MANAGE_AUTO_START", "Manage service auto-start", roles); + + // Add cluster-level auto start-permission + roles = Arrays.asList( + "AMBARI.ADMINISTRATOR:AMBARI", + "CLUSTER.ADMINISTRATOR:CLUSTER", + "CLUSTER.OPERATOR:CLUSTER"); + addRoleAuthorization("CLUSTER.MANAGE_AUTO_START", "Manage service auto-start configuration", roles); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index 6d79cd4..b79c945 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -1238,6 +1238,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/Delete services' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' FROM SYSIBM.SYSDUMMY1 UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' FROM SYSIBM.SYSDUMMY1 UNION ALL @@ -1257,6 +1258,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' FROM SYSIBM.SYSDUMMY1 UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage settings' FROM SYSIBM.SYSDUMMY1 UNION ALL @@ -1326,6 +1328,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1354,6 +1357,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1367,6 +1371,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1389,6 +1394,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1407,6 +1413,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1430,6 +1437,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1448,6 +1456,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index b493d0a..1c502bc 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -1185,6 +1185,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1205,6 +1206,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage administrative settings' UNION ALL @@ -1274,6 +1276,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1302,6 +1305,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1315,6 +1319,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1338,6 +1343,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1357,6 +1363,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1381,6 +1388,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1400,6 +1408,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index 3e40103..c6d4ad0 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -1183,6 +1183,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' FROM dual UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' from dual UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' FROM dual UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' FROM dual UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' FROM dual UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' FROM dual UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' FROM dual UNION ALL @@ -1203,6 +1204,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' FROM dual UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM dual UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' FROM dual UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' FROM dual UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' FROM dual UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' FROM dual UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage settings' FROM dual UNION ALL @@ -1272,6 +1274,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1300,6 +1303,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1313,6 +1317,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1336,6 +1341,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1355,6 +1361,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1379,6 +1386,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1398,6 +1406,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index e072805..1be87bb 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1165,6 +1165,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1185,6 +1186,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage administrative settings' UNION ALL @@ -1254,6 +1256,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1282,6 +1285,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1295,6 +1299,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1318,6 +1323,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1337,6 +1343,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1361,6 +1368,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1380,6 +1388,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index 01d9be5..abe48e8 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -1180,6 +1180,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1200,6 +1201,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage settings' UNION ALL @@ -1269,6 +1271,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1297,6 +1300,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1310,6 +1314,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1333,6 +1338,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1352,6 +1358,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1376,6 +1383,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1395,6 +1403,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index dc03827..169a464 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1194,6 +1194,7 @@ BEGIN TRANSACTION SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'SERVICE.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL + SELECT 'SERVICE.MANAGE_AUTO_START', 'Manage service auto-start' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1214,6 +1215,7 @@ BEGIN TRANSACTION SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL SELECT 'CLUSTER.RUN_CUSTOM_COMMAND', 'Perform custom cluster-level actions' UNION ALL + SELECT 'CLUSTER.MANAGE_AUTO_START', 'Manage service auto-start configuration' UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL SELECT 'AMBARI.MANAGE_SETTINGS', 'Manage settings' UNION ALL @@ -1283,6 +1285,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1311,6 +1314,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1324,6 +1328,7 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role @@ -1347,6 +1352,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1366,6 +1372,7 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role @@ -1390,6 +1397,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1409,6 +1417,7 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_AUTO_START' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java index a66a3c9..1e68f9d 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java @@ -218,6 +218,8 @@ public class TestAuthenticationFactory { RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, RoleAuthorization.CLUSTER_RUN_CUSTOM_COMMAND, + RoleAuthorization.SERVICE_MANAGE_AUTO_START, + RoleAuthorization.CLUSTER_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))); return permissionEntity; } @@ -257,6 +259,8 @@ public class TestAuthenticationFactory { RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, + RoleAuthorization.SERVICE_MANAGE_AUTO_START, + RoleAuthorization.CLUSTER_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS))); return permissionEntity; } @@ -291,6 +295,7 @@ public class TestAuthenticationFactory { RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, + RoleAuthorization.SERVICE_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))); return permissionEntity; }